I’ve been seeing a few common questions regarding Edge Transport servers lately so I thought I would put the answers all in one place, as they all basically relate to the same underlying point about how EdgeSync works.

Q: Why does my Edge Transport server have a little blue icon on it?

A: It is the warning for the trial period running out. To fix it, use the Exchange management tools on the Edge Transport server to apply your product key, then recreate the Edge subscription.

Q: Why does my Edge Transport server have the wrong version number displayed?

A: The version number displayed is the one that was written to Active Directory at the time the Edge subscription was created. Because EdgeSync is a one-way process, the version number does not update as you update the Edge Transport server to newer versions. If you want the version number to reflect the current value, recreate the Edge subscription.

A: Certificates for the Edge Transport server can only be managed using the management tools on the Edge Transport server.

Q: What? Do you mean I have to recreate the Edge subscription just for little things like product keys and version numbers?

A: No, you don’t have to. If the blue icon and incorrect version number aren’t bothering you or causing you any administrative pain then you can just leave it alone.

Just remember that EdgeSync is a one-way process in which data is synchronized to the Edge Transport server. The Edge Transport server typically sits in a secure perimeter network where it is exposed to the internet to some degree. Allowing such a server to write changes back into Active Directory would be a security risk.

To demonstrate, the screenshot above was taken when my Edge Transport server already had a product key applied and had already been updated to Exchange Server 2010 SP3, as you can see here when viewed using the Exchange Management Console on the Edge Transport server itself.

After recreating the Edge subscription, the view of the Edge Transport server reflects the current version number and license status.
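The sequence described above, as an added Exchange Management Shell example that is not part of the original post. The server names `EDGE01` and `HUB01`, the file path, the site name and the product key are placeholders. The subscription file carries bootstrap credentials for EdgeSync and has to be imported on the Hub Transport side within 1440 minutes of being created, so it is handled as a secret and deleted afterwards.

```powershell
# ---------------------------------------------------------------
# Part 1: run on the Edge Transport server (EDGE01, placeholder)
# ---------------------------------------------------------------

# Apply the product key locally. Nothing on the Edge server is written
# back to Active Directory, so this has to be done on the Edge itself.
Set-ExchangeServer -Identity $env:COMPUTERNAME -ProductKey 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'

# Confirm what the Edge server reports about itself.
Get-ExchangeServer -Identity $env:COMPUTERNAME |
    Format-List Name, Edition, AdminDisplayVersion

# Export a new subscription file. The cmdlet asks for confirmation
# because it clears locally created transport configuration that
# EdgeSync manages from then on.
New-EdgeSubscription -FileName 'C:\Temp\EdgeSubscription.xml'

# Copy the file to the Hub Transport server over a trusted channel,
# then delete the copy left on the Edge server.
Remove-Item -Path 'C:\Temp\EdgeSubscription.xml'

# ---------------------------------------------------------------
# Part 2: run on a Hub Transport server (HUB01, placeholder)
# ---------------------------------------------------------------

# Import the file. Importing again for an already subscribed Edge
# server overwrites the old subscription, which is what refreshes the
# version and license details stored in Active Directory.
$fileData = [byte[]](Get-Content -Path 'C:\Temp\EdgeSubscription.xml' -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $fileData -Site 'Default-First-Site-Name'

# Push the first synchronization and check the result.
Start-EdgeSynchronization -Server 'HUB01'
Test-EdgeSynchronization

# The organization's view of the Edge server should now match Part 1.
Get-ExchangeServer -Identity 'EDGE01' |
    Format-List Name, Edition, AdminDisplayVersion

# Remove the subscription file from the Hub Transport server as well.
Remove-Item -Path 'C:\Temp\EdgeSubscription.xml'
```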

“Allowing such a server to write changes back into the Active Directory would be a security risk” – I like that – how about Microsoft design for CAS server – DMZ not supported … well, well … Allowing such design is insane at best …

It seems as though there is no way in EMC to manage certs on the edge servers and trying to import new certs via EMS fails with access denied. Do you know if this is normal? I don’t know how to get a new cert installed.